topic Re: Staying Certified in CPE Opportunities

Staying Certified

John — Thu, 09 Nov 2017 16:22:19 GMT

I have over 20 years industry experience and recently (Apr 2017) received my CISSP. One thing that struck me in my seminar week was the number of people (almost half) who lost their certification due to lack of CPEs. Don't let this happen to you. Seriously. The last thing you want is to have to fork out the money to take the test all over again.

CPEs are important. They provide evidence that you are an active participant in the infosec community. They're easy to earn, but don't shrug them off or take them lightly. Earning CPEs will make you better at your job:

- Attend a conference. I can't stress this enough. Almost every region in the US has a weekend conference within a few hours drive. Do it. For about $150 and the cost of beers and hotel room, you can not only earn a ton of CPEs, you'll learn real stuff from practitioners and have the opportunity to meet your peers. Again, do it. I'll definitely be at THOTCON and DerbyCon, maybe Black Hat/DEF CON, so if you don't know anyone hit me up and you won't be there alone.
- Subscribe to the (ISC)2 Twitter feed. Heck, if you're not on Twitter, you're not getting the latest infosec news. (ISC)2's Twitter feed provides pretty good news and a lot of opportunities to earn CPEs.
- Subscribe to InfoSecurity Professional magazine. Hey, you paid for this. Use it. Answer the quiz and get 2 CPEs. That's 12 easy CPEs a year.
- Be social. (ISC)2 has a ton of local chapters out there who host tons of small events. You get credit for these. For the small annual fees many of the chapters charge, it's worth it.
- Be anti-social. (ISC)2's website has links to lots of webinars where you get credit for learning. Not as interesting as going to live events and sharing a beer with someone, but better than watching Elf for the 47th time on Netflix.

If you or your chapter has cool ways to earn CPEs, feel free to post up.

Re: Staying Certified

CISOScott — Tue, 31 Oct 2017 16:14:52 GMT

Also ISC2's CPE website is pretty easy to use. I lost my CEH certification due to the difficulty with their CPE system. It was too frustrating and so I gave up. Not so with the ISC2 site. Also DO NOT WAIT until the end of the year to try to cram them in! You do not want to only know about the security incidents that show up in December of every year. Set yourself an email reminder that recurs every month to enter some CPE's.

Also check the email you used to register if you are going to be changing jobs. ISC2 can fix it for you but you would hate to fail a CPE audit because you changed jobs and forgot to update your email address.

Re: Staying Certified

MarkyMark — Tue, 31 Oct 2017 16:26:46 GMT

Great

@John wrote:
I have over 20 years industry experience and recently (Apr 2017) received my CISSP. One thing that struck me in my seminar week was the number of people (almost half) who lost their certification due to lack of CPEs. Don't let this happen to you. Seriously. The last thing you want is to have to fork out the money to take the test all over again.

CPEs are important. They provide evidence that you are an active participant in the infosec community. They're easy to earn, but don't shrug them off or take them lightly. Earning CPEs will make you better at your job:
Attend a conference. I can't stress this enough. Almost every region in the US has a weekend conference within a few hours drive. Do it. For about $150 and the cost of beers and hotel room, you can not only earn a ton of CPEs, you'll learn real stuff from practitioners and have the opportunity to meet your peers. Again, do it. I'll definitely be at THOTCON and DerbyCon, maybe Black Hat/DEF CON, so if you don't know anyone hit me up and you won't be there alone.
Subscribe to the (ISC)2 Twitter feed. Heck, if you're not on Twitter, you're not getting the latest infosec news.  (ISC)2's Twitter feed provides pretty good news and a lot of opportunities to earn CPEs.
Subscribe to InfoSecurity Professional magazine. Hey, you paid for this. Use it. Answer the quiz and get 2 CPEs. That's 12 easy CPEs a year.
Be social.  (ISC)2 has a ton of local chapters out there who host tons of small events. You get credit for these. For the small annual fees many of the chapters charge, it's worth it.
Be anti-social.  (ISC)2's website has links to lots of webinars where you get credit for learning. Not as interesting as going to live events and sharing a beer with someone, but better than watching Elf for the 47th time on Netflix.
If you or your chapter has cool ways to earn CPEs, feel free to post up.

Great points, John. Getting CPE's has been a struggle for me on and off over the years. These days, it's simply harder to find time to attend these things. While I used to attend a lot of week long conferences (something like the RSA Conference will surpass your annual needs), it's harder and harder to do so lately.

That said, one of the best ways IMO is to reach out to your VAR/Vendor rep etc. and see if they have lunch and learns and other industry events. Most will often have very good events on security trends or even new products (yes, some can be 'salesy', but you can still extrapolate good information from them). And more often than not, the venue are top notch. I've been to a few Cisco events that were held at Morton's or Capital Grill. Yes, you're spending 3 hours for just an hour of CPE, but you're also getting a great lunch.

For those in regulated industries - contact your local LEO and see what they offer. Often times there will be fraud or cybersecurity task forces that you can join and participate in annual meetings that will not only provide great info, but also get to talk to some industry experts. A few years ago, I attended a local task force meeting that was held at the USSS training facility in MD. This included a presentation from the legal/compliance exec of Target that talked about the breach. It also included a tour of the facility afterwards and some demonstrations from the Presidential Protection Detail.

Re: Staying Certified

John — Tue, 31 Oct 2017 16:27:07 GMT

I agree 100%. (ISC)2's CPE website is so easy to use, you really have no excuse for not submitting your work. Just remember to scroll down for the Group A and Group B credits. When I made my first submissions, I spent way too much time trying to figure out what Domain they "best fit".

Re: Staying Certified

Pcooke2002 — Tue, 31 Oct 2017 18:29:29 GMT

I want to also suggest:

Linux academy.

They have great videos that teach Linux admin, devops, containers, big data, and cloud(aws, google, azure, openstack) Most of the security people I run into used to be developers and systems guy but had not done it for years. Technology changes so fast now days. This is a great way to learn what is being taught to the guys in the trenches.

Videos range from 2 minutes to 1 hour. They have hundreds of hours of videos. They let you play with up to 6 VM's ( shutdown after 5 minutes of non-use, and deletes after 10 days of non-use)

Re: Staying Certified

tommym89 — Tue, 31 Oct 2017 21:56:10 GMT

There really are so many ways to earn CPE credits that there's really no reason anyone should let their certification expire. For example, you can even earn a lot of CPE credits each year simply by reading the InfoSecurity Professional magazine that ISC2 publishes for members and taking the quizzes. Each quiz is worth 2 CPEs.

https://www.isc2.org/Member-Resources/InfoSecurity-Professional-Magazine

Re: Staying Certified

Dakotad — Tue, 31 Oct 2017 23:15:36 GMT

You are so right. I forgot about my renewal and discovered I had less than 30 days to get my CPE's. I did it but that was not fun. Learned a lot about CASB's and I am glad I did. Can you say CCSP 😉

Re: Staying Certified

ZippFire — Sat, 04 Nov 2017 09:16:31 GMT

Great read for a newby like me.

Just passed my exam on SSCP and waiting for the certification to compleet.

It's a BIG world if you get access to the ISC2 community, and see all the content to read, to attent, see see and to hear.

Great to be part of this world.

Good to know where the CPE's come from and were to find them!

Re: Staying Certified

Stu1 — Sat, 04 Nov 2017 10:10:48 GMT

Just to add to the point on ISC2 webinars, you can use the BrightTalk app to view recorded webinars offline and earn CPEs that way too. This is useful if you spend any time public transport / commuting etc. The CPEs register automatically after a few days, if you've added your ISC member number to the BrightTalk website.

Re: Staying Certified

aaaguirrep — Sat, 04 Nov 2017 13:05:54 GMT

I am using BrightTalk website to earn CPE. I see webinar of ISC2 or other security vendors. I have registered the webinars and I have earned CPE without problems.

Re: Staying Certified

TankerT — Tue, 07 Nov 2017 22:28:23 GMT

Don't forget about the Type B CPEs. They are easy to get at many employers through mandatory training, or other job related classes.

Re: Staying Certified

hf — Thu, 09 Nov 2017 06:03:53 GMT

It's easy to earn CPEs, for me, I don't have to do something special, just keep reading, writing and training. I hold CISSP since 2004.

Re: Staying Certified

dbohlmann — Fri, 10 Nov 2017 12:42:13 GMT

Amen. When I first got my CISSP I was a little concerned about keeping up with the CPEs. Attending the annual Congress helps. I just joined the Chicago chapter, and they have been doing a great job of offering short conferences and such that come with CPEs, as well. And with all of the online webinars and tutorials and periodicals offered (announced in emails and Twitter), right now I've got my three-years worth of CPEs done in two years... with a lot more on-line opportunities available yet to go.

Re: Staying Certified

jrisner1 — Fri, 10 Nov 2017 21:54:31 GMT

I agree. I personally would not want to spend the money again.

Re: Staying Certified

AdamC — Mon, 13 Nov 2017 11:49:19 GMT

I get most of my CPEs by listening to podcasts on the commute.

Some of the best I have found are:

Down the Security Rabbithole
Security Now
Brakeing Down Security
Risky Biz
Defensive Security
Southern Fried Security

Re: Staying Certified

The_Red_Pill — Mon, 13 Nov 2017 19:14:39 GMT

@John

Do you happen to have the numbers. I would be really interested in seeing the number of people who lost their certification for this reason.

Re: Staying Certified

John — Mon, 13 Nov 2017 20:17:37 GMT

I have no idea, though I think with enough effort, ISC2 could do it. IIRC, there were 20 people in my seminar and 8 had expired certs. And fewer than 8 showed-up for celebratory booze afterward. Those that did show up said that the test is way harder than it used to be.

Re: Staying Certified

Badfilemagic — Fri, 17 Nov 2017 02:00:47 GMT

I think the CPE situation is what keeps the Webcast Industrial Complex in business. So many SANS webcasts for CPEs... 🙂 Since the cash infusion lead by Ron Gula, Cybrary.it's content has gotten pretty good, too, and is a good source for CPE time.

Re: Staying Certified

Sven — Sun, 26 Nov 2017 15:03:09 GMT

You also might consider courses at

- edX ... courses for free, certificates from 50 € ... e.g. "Cyber Security Economics" (10 weeks with 2-4h work per week)

- coursera ... "audit" courses for free, 33 € per month, if you want to have access to tests and get a certificate

There are many other online course providers you can choose from.

Re: Staying Certified

Leaningforward — Sun, 26 Nov 2017 17:57:36 GMT

This thread is a good read. I recently passed the CISSP and I’m waiting for official approval. Understanding the CPE requirement is important as discussed by others. I appreciate the information!

Howard